Tuesday, January 16, 2007

Spyware infested computer = jail time for victim?

The appeals still have to move through the process, but it appears that a substitute teacher in Norwich has been convicted and may be sentenced to 40 years in jail because the computer she was using in the classroom was infected with adware that caused uncontrollable pr0n pop-ups.

I don't personally have all the facts yet on this case, but my experience with client infections makes me wonder if she may be an innocent victim of fly-by adware. Unanswered questions include: 1) was it her computer, or the schools? 2) if the schools, where were their software security policy and safeguards?

The prosecutor for the case stated she had to deliberately click on certain links, but we security professionals have seen many cases where IE links have been set to their "visited" state by adware popups.

Update: More information and speculation and worse, the prosecution admits that it made no search made for spyware during its investigation.